Incident OverviewSince 6 PM Beijing Time on December 4, 2024, “ghost repositories” have been appearing on GitHub. These repositories contain no code but include deceptive virus files. That same day, they became the fastest-growing repositories on GitHub in terms of stars. Over 180 fake zombie accounts were spreading the virus, waiting for victims to fall into their trap.A Chinese developer—myself—took notice of all this. After days of probing and searching, I identified the attacker.Incident DetailsInitially, I was developing an open-source program to identify early-sta...